US11501022B2 · Active · Utility · PatentIndex 61

Application security policy management agent

Assignee: CISCO TECH INC
Priority: Jul 17, 2018
Filed: Oct 21, 2020
Granted: Nov 15, 2022
Est. expiry: Jul 17, 2038 (~12 yrs left) · nominal 20-yr term from priority
Inventors: HULICK JR WALTER T
CPC: H04L 63/105, H04L 63/20, G06F 21/53, G06F 11/3065, G06F 21/629, G06F 21/604
PatentIndex Score: 61
Cited by: 1
References: 16
Claims: 20

Abstract

A policy generation agent automatically generates a security policy for an application and a security manager. The agent runs the application in a development environment, causing the application to request permissions from the security manager. The agent passes the permissions request to the security manager. The security manager determines whether to approve or deny the request based on a permissions policy. Responsive to a determination to deny the request, the agent generates an updated permissions policy by updating the permissions policy to approve subsequent requests for the permissions. The agent also associates the updated permissions policy with the application, and suppresses any exceptions generated by the security manager in denying the request before approving the request for the permissions in the development environment.
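
The learning loop the abstract describes, as an added, runnable model (not the patent's or Cisco's code): a security manager that looks each request up in a policy, and a development-time agent that, on every denial, adds the permission to the policy, records which module asked for it, suppresses the exception and lets the application continue; it re-drives the application's entry points until a full pass produces no new denial, then hands the final policy to an enforcing manager. The `Permission` vocabulary, the `app.*` / `vendor.*` module names and the sample application are constructed for the illustration.

```python
"""Constructed model of the policy-generation agent described in the abstract:
run the application under a security manager, and on every denial extend the
policy, suppress the exception and keep the application running, until a full
pass adds nothing. Not the patent's or Cisco's code."""
from collections import defaultdict
from dataclasses import dataclass


class PermissionDenied(Exception):
    """Raised by the security manager when the policy does not cover a request."""


@dataclass(frozen=True)
class Permission:
    action: str   # e.g. "file.read", "socket.connect" (constructed vocabulary)
    target: str   # the resource the action applies to


class SecurityManager:
    """Approves or denies a request by looking it up in the permissions policy."""

    def __init__(self, policy=()):
        self.policy = set(policy)

    def check(self, perm):
        if perm not in self.policy:
            raise PermissionDenied(perm)


class PolicyAgent:
    """Development-environment agent: forwards each request to the manager; on a
    denial it adds the permission to the policy (so later requests are approved),
    records the requester for the audit report, and swallows the exception."""

    def __init__(self, manager):
        self.manager = manager
        self.passes = 0
        self.denials_this_pass = 0
        self.requests = []  # (Permission, requesting module) audit trail

    def request(self, perm, module):
        self.requests.append((perm, module))
        try:
            self.manager.check(perm)
        except PermissionDenied:
            self.manager.policy.add(perm)   # updated policy approves this from now on
            self.denials_this_pass += 1     # exception suppressed; the app continues

    def learn(self, entry_points, max_passes=10):
        """Drive the application's entry points (the 'script' of claim 6) repeatedly;
        halt once a complete pass produces no new denial and return the final policy."""
        for _ in range(max_passes):
            self.passes += 1
            self.denials_this_pass = 0
            for run in entry_points:
                run(self)
            if self.denials_this_pass == 0:
                return frozenset(self.manager.policy)
        raise RuntimeError("policy did not converge")

    def audit_report(self, first_party_prefix):
        """Permissions requested by modules outside the first-party namespace."""
        report = defaultdict(set)
        for perm, module in self.requests:
            if not module.startswith(first_party_prefix):
                report[module].add(perm)
        return {m: frozenset(p) for m, p in report.items()}


# --- constructed sample application; module names and resources are made up ---

def serve(agent):
    agent.request(Permission("file.read", "/etc/app/config.yaml"), "app.web")
    agent.request(Permission("socket.listen", "0.0.0.0:8080"), "app.web")
    report_metrics(agent)


def report_metrics(agent):
    # a bundled third-party module: its requests end up in the policy too
    agent.request(Permission("socket.connect", "metrics.example.com:443"), "vendor.metrics")
    agent.request(Permission("file.read", "/etc/passwd"), "vendor.metrics")


def rotate_logs(agent):
    agent.request(Permission("file.write", "/var/log/app/app.log"), "app.logging")


def generate_policy():
    """Learn the policy in development, then return it with the audit report."""
    agent = PolicyAgent(SecurityManager())
    policy = agent.learn([serve, rotate_logs])
    report = agent.audit_report("app.")
    return policy, report, agent.passes


def enforced_check(policy, perm):
    """Production-side check: no agent, no suppression; returns True if approved."""
    try:
        SecurityManager(policy).check(perm)
        return True
    except PermissionDenied:
        return False


if __name__ == "__main__":
    policy, report, passes = generate_policy()
    print(f"converged after {passes} passes, {len(policy)} permissions")
    for module, perms in report.items():
        print(f"third-party {module}: {sorted(p.target for p in perms)}")
```

Two points the model makes visible. Because denials are suppressed in the development environment, one pass runs each entry point to completion, so the loop converges on the second pass; the halting condition of claim 3 is "a pass that added nothing", not "no exception was raised". And the learned policy approves everything the application asked for during that run, including the vendor module's `/etc/passwd` read in the constructed sample, so the per-module audit report of claim 5 is the review step a practitioner applies before associating the final policy with the application; code paths the driving script never exercises get no permissions and are denied once the policy is enforced.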

Claims

exact text as granted — not AI-modified
What is claimed is:

1. A method comprising:
running an application in a development environment, wherein running the application causes the application to produce a request for one or more permissions from a security manager function;
passing the request for the permissions to the security manager function;
determining, with the security manager function, whether to approve or deny the request based on a permissions policy;
responsive to a determination by the security manager function to deny the request, generating an updated permissions policy by updating the permissions policy to approve subsequent requests for the one or more permissions;
associating the updated permissions policy with the application;
suppressing any exceptions generated by the security manager function in denying the request for the one or more permissions; and
approving the one or more permissions in the development environment.

2. The method of claim 1, further comprising iteratively updating the permissions policy based on additional requests for additional permissions.

3. The method of claim 2, further comprising:
determining whether running the application no longer generates the additional requests for the additional permissions;
halting the application in the development environment; and
associating a final permissions policy with the application.

4. The method of claim 1, wherein the security manager function is a custom security manage defined by the application.

5. The method of claim 1, further comprising:
storing a record of each permission requested while running the application in the development environment; and
generating an audit report on permissions requested by one or more third party software function modules called by running the application.

6. The method of claim 1, wherein running the application comprises using a script to access specific portions of source code in the application.

7. The method of claim 6, wherein the source code of the application includes third party modules.

8. An apparatus comprising:
a memory; and
a processor coupled to the memory, the processor configured execute instructions stored in the memory to:
run an application in a development environment, wherein running the application causes the application to produce a request for one or more permissions from a security manager function;
pass the request for the permissions to the security manager function;
cause the security manager function to determine whether to approve or deny the request based on a permissions policy;
responsive to a determination by the security manager function to deny the request, generate an updated permissions policy by updating the permissions policy to approve subsequent requests for the one or more permissions;
associate the updated permissions policy with the application
suppress any exceptions generated by the security manager function in denying the request for the one or more permissions; and
cause the security manager function to approve the one or more permissions in the development environment.

9. The apparatus of claim 8, wherein the processor is further configured to iteratively update the permissions policy based on additional requests for additional permissions.

10. The apparatus of claim 9, wherein the processor is further configured to:
determine whether running the application no longer generates the additional requests for the additional permissions;
halt the application in the development environment; and
associate a final permissions policy with the application.

11. The apparatus of claim 8, wherein the processor is configured to operate the security manager function as a custom security manage defined by the application.

12. The apparatus of claim 8, wherein the processor is further configured to:
store in the memory, a record of each permission requested while running the application in the development environment; and
generate an audit report on permissions requested by one or more third party software function modules called by running the application.

13. The apparatus of claim 8, wherein the processor is configured to run the application by using a script to access specific portions of source code in the application.

14. The apparatus of claim 13, wherein the source code of the application includes third party modules.

15. One or more non-transitory computer readable storage media encoded with software comprising computer executable instructions and, when the software is executed by a processor, cause the processor to:
run an application in a development environment, wherein running the application causes the application to produce a request for one or more permissions from a security manager function;
pass the request for the permissions to the security manager function;
cause the security manager function to determine whether to approve or deny the request based on a permissions policy;
responsive to a determination by the security manager function to deny the request, generate an updated permissions policy by updating the permissions policy to approve subsequent requests for the one or more permissions;
associate the updated permissions policy with the application;
suppress any exceptions generated by the security manager function in denying the request for the one or more permissions; and
cause the security manager function to approve the one or more permissions in the development environment.

16. The non-transitory computer readable storage media of claim 15, further comprising instructions operable to cause the processor to iteratively update the permissions policy based on additional requests for additional permissions.

17. The non-transitory computer readable storage media of claim 16, further comprising instructions operable to cause the processor to:
determine whether running the application no longer generates the additional requests for the additional permissions;
halt the application in the development environment; and
associate a final permissions policy with the application.

18. The non-transitory computer readable storage media of claim 15, further comprising instructions operable to cause the processor to operate the security manager function as a custom security manage defined by the application.

19. The non-transitory computer readable storage media of claim 15, further comprising instructions operable to cause the processor to:
store a record of each permission requested while running the application in the development environment; and
generate an audit report on permissions requested by one or more third party software function modules called by running the application.

20. The non-transitory computer readable storage media of claim 15, further comprising instructions operable to cause the processor to run the application by using a script to access specific portions of source code in the application, wherein the source code of the application includes third party modules.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.